lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

NFS - fix potential NULL pointer dereference v2

Browse Source 
There is possible NULL pointer dereference if kstr[n]dup failed.
So fix them for safety.

Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
Cyrill Gorcunov
2008-04-17 20:42:09 +04:00
committed by Trond Myklebust
parent cd019f7517
commit 63649bd708
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
fs/nfs/super.c
View File

@@ -1297,6 +1297,8 @@ static int nfs_validate_mount_data(void *options,
args->namlen = data->namlen; args->namlen = data->namlen;
args->bsize = data->bsize; args->bsize = data->bsize;
args->auth_flavors[0] = data->pseudoflavor; args->auth_flavors[0] = data->pseudoflavor;
if (!args->nfs_server.hostname)
goto out_nomem;
/* /*
* The legacy version 6 binary mount data from userspace has a * The legacy version 6 binary mount data from userspace has a
@@ -1343,6 +1345,8 @@ static int nfs_validate_mount_data(void *options,
len = c - dev_name; len = c - dev_name;
/* N.B. caller will free nfs_server.hostname in all cases */ /* N.B. caller will free nfs_server.hostname in all cases */
args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL); args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
if (!args->nfs_server.hostname)
goto out_nomem;
c++; c++;
if (strlen(c) > NFS_MAXPATHLEN) if (strlen(c) > NFS_MAXPATHLEN)
@@ -1386,6 +1390,10 @@ out_v3_not_compiled:
return -EPROTONOSUPPORT; return -EPROTONOSUPPORT;
#endif /* !CONFIG_NFS_V3 */ #endif /* !CONFIG_NFS_V3 */
out_nomem:
dfprintk(MOUNT, "NFS: not enough memory to handle mount options\n");
return -ENOMEM;
out_no_address: out_no_address:
dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n"); dfprintk(MOUNT, "NFS: mount program didn't pass remote address\n");
return -EINVAL; return -EINVAL;
@@ -1892,12 +1900,16 @@ static int nfs4_validate_mount_data(void *options,
return -ENAMETOOLONG; return -ENAMETOOLONG;
/* N.B. caller will free nfs_server.hostname in all cases */ /* N.B. caller will free nfs_server.hostname in all cases */
args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL); args->nfs_server.hostname = kstrndup(dev_name, len, GFP_KERNEL);
if (!args->nfs_server.hostname)
goto out_nomem;
c++; /* step over the ':' */ c++; /* step over the ':' */
len = strlen(c); len = strlen(c);
if (len > NFS4_MAXPATHLEN) if (len > NFS4_MAXPATHLEN)
return -ENAMETOOLONG; return -ENAMETOOLONG;
args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL); args->nfs_server.export_path = kstrndup(c, len, GFP_KERNEL);
if (!args->nfs_server.export_path)
goto out_nomem;
dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path); dprintk("NFS: MNTPATH: '%s'\n", args->nfs_server.export_path);
@@ -1919,6 +1931,10 @@ out_inval_auth:
data->auth_flavourlen); data->auth_flavourlen);
return -EINVAL; return -EINVAL;
out_nomem:
dfprintk(MOUNT, "NFS4: not enough memory to handle mount options\n");
return -ENOMEM;
out_no_address: out_no_address:
dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n"); dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n");
return -EINVAL; return -EINVAL;